PowerShell scripts to set or get event log properties
This document provides PowerShell scripts to set or get event log properties on Windows devices.
Windows logs record detailed information about system events, errors, and application activities. They are categorized into three primary types: Application, Security, and System. The Application log records events related to applications, including errors, warnings, and informational messages. In contrast, the Security log captures security-related events such as login attempts and user account modifications. Finally, the System log encompasses events logged by system components and services, such as driver failures and system startup/shutdown events.
IT administrators often need to manage and monitor logs to track user activity, such as login/logout times, application errors, or system warnings. It is also necessary to manage log properties that define various attributes associated with log entries generated on the devices assigned to the users. The scripts described below let you set/get log properties like maximum log size and retention period for Windows. By setting a maximum log size, IT administrators can avoid unnecessary resource consumption. When a log reaches the maximum limit, older entries are overwritten by newer ones. Likewise, setting a retention period helps determine how long the log data should be stored before being automatically deleted or archived. You can use the ‘Execute Custom Script’ action to execute such customized scripts on the devices.
Script to set log properties
```powershell
param (
    [string]$logName = "<log_name>",    # Specify the log name, choosing among Application, Security, or System.
    [string]$maxSize = "<max_size>MB",  # Specify the maximum log size (Default: 1024MB)
    [int]$retainDays = <retention_days> # Specify the retention period (Default: 7 days)
)

# Set log properties
function Set-LogProperties {
    param (
        [string]$logName,
        [string]$maxSize,
        [int]$retainDays
    )

    $logPath = "HKLM:\SYSTEM\CurrentControlSet\Services\EventLog\$logName"

    # Set maximum log size
    # The registry stores MaxSize as a DWORD in bytes, so convert "<n>MB" to bytes
    $maxSizeBytes = [int]($maxSize -replace 'MB$', '') * 1MB
    Set-ItemProperty -Path $logPath -Name MaxSize -Value $maxSizeBytes -Type DWord

    # Set retention period
    # The registry stores Retention as a DWORD in seconds, so convert days to seconds
    Set-ItemProperty -Path $logPath -Name Retention -Value ($retainDays * 86400) -Type DWord
}

# Execute the function
Set-LogProperties -logName $logName -maxSize $maxSize -retainDays $retainDays
Write-Host "Log properties set successfully for $logName log."
```
The PowerShell script to set event log properties facilitates the customization of maximum log size and retention period for Windows event logs. The retention period is the duration (in days) the log data is stored before deletion or archiving, while the maximum size (in megabytes) is the allocated disk space for log storage.
IT administrators can specify (as $logName) the type of log they want to configure these settings for: Application, Security, or System. The Set-LogProperties function takes parameters such as log name ($logName), maximum log size ($maxSize), and retention period ($retainDays) to configure log properties within the Windows Registry.
After the execution of the script, the new values for the maximum size and retention period will be updated in the registry, and all options in the Log Properties of the specified Windows log will be greyed out.
Script to get log properties
```powershell
param (
    [string]$logName = "<log_name>" # Specify a log name, choosing among Application, Security, or System.
)

# Get log properties
function Get-LogProperties {
    param (
        [string]$logName
    )

    $logPath = "HKLM:\SYSTEM\CurrentControlSet\Services\EventLog\$logName"

    # Get maximum log size (stored in the registry in bytes, converted to megabytes)
    $maxSize = (Get-ItemProperty -Path $logPath -Name MaxSize).MaxSize / 1MB

    # Get retention days (stored in the registry in seconds, converted to days)
    $retainDays = (Get-ItemProperty -Path $logPath -Name Retention).Retention / 86400

    [PSCustomObject]@{
        LogName    = $logName
        MaxSize    = $maxSize
        RetainDays = $retainDays
    }
}

# Execute the function
$logProperties = Get-LogProperties -logName $logName

# Display log properties
Write-Host "Log Properties for $($logProperties.LogName):"
Write-Host "  Maximum Size: $($logProperties.MaxSize) MB"
Write-Host "  Retention Days: $($logProperties.RetainDays)"
```
The PowerShell script to get event log properties retrieves and displays properties, namely the maximum size (in megabytes) and retention period (in days), for the specified Windows event log. The Get-LogProperties function takes the log name as a parameter, retrieves the corresponding registry path, and utilizes Get-ItemProperty to fetch the maximum log size and retention period.
Following the execution of the script, the log properties will be displayed in the Action History of Hexnode UEM.
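The following is an added example, not one of the original scripts: a read-only audit that checks the Application, Security, and System logs against a minimum size and retention baseline, so undersized logs that would overwrite events early are flagged. The function name `Test-LogBaseline` and the thresholds `$MinSizeMB` and `$MinRetainDays` are assumptions (taken from the defaults named in the script comments above); the registry stores MaxSize in bytes and Retention in seconds.

```powershell
# Added example (not the vendor's script): audit log size and retention against a baseline.
# $MinSizeMB and $MinRetainDays are assumed thresholds; adjust them to your own policy.
function Test-LogBaseline {
    param (
        [string[]]$LogNames = @('Application', 'Security', 'System'),
        [int]$MinSizeMB     = 1024,
        [int]$MinRetainDays = 7
    )

    foreach ($name in $LogNames) {
        $path  = "HKLM:\SYSTEM\CurrentControlSet\Services\EventLog\$name"
        $props = Get-ItemProperty -Path $path -ErrorAction SilentlyContinue

        # MaxSize is a DWORD in bytes; a missing value is reported as 0 MB
        $sizeMB = 0
        if ($null -ne $props.MaxSize) { $sizeMB = [math]::Round($props.MaxSize / 1MB, 1) }

        # Retention is a DWORD in seconds: 0 = overwrite as needed,
        # 0xFFFFFFFF (read back as -1) = never overwrite
        $raw = $props.Retention
        if ($null -eq $raw) {
            $retention = 'not set';             $retainOk = $false
        }
        elseif ($raw -eq 0) {
            # Assumption: "overwrite as needed" does not meet a minimum retention period
            $retention = 'overwrite as needed'; $retainOk = $false
        }
        elseif ($raw -eq -1 -or $raw -eq 4294967295) {
            $retention = 'never overwrite';     $retainOk = $true
        }
        else {
            $days      = [math]::Round($raw / 86400, 1)
            $retention = "$days days"
            $retainOk  = $days -ge $MinRetainDays
        }

        [PSCustomObject]@{
            LogName   = $name
            MaxSizeMB = $sizeMB
            Retention = $retention
            SizeOk    = $sizeMB -ge $MinSizeMB
            RetainOk  = $retainOk
        }
    }
}

# Report only the logs that miss the baseline
Test-LogBaseline | Where-Object { -not ($_.SizeOk -and $_.RetainOk) } | Format-Table -AutoSize
```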